package org.bozo.im.service.protocols.xmpp.stanza.util.starttls;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.bozo.im.service.Constants;

import android.util.Log;

public class SimpleTrustManager implements X509TrustManager {

	X509TrustManager mDefaultManager;

	public SimpleTrustManager(KeyStore pKeyStore) throws NoSuchAlgorithmException, KeyStoreException {
		super();
		TrustManagerFactory lTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		lTrustManagerFactory.init(pKeyStore);

		TrustManager[] lTrustManagers = lTrustManagerFactory.getTrustManagers();

		if (lTrustManagers == null || lTrustManagers.length == 0)
			throw new NoSuchAlgorithmException("No trust manager found");

		for (TrustManager lTrustManager : lTrustManagers)
			if (lTrustManager instanceof X509TrustManager)
				mDefaultManager = (X509TrustManager)lTrustManager;
		
		if (mDefaultManager == null)
			throw new NoSuchAlgorithmException("No trust manager found");
	}

	public void checkClientTrusted(X509Certificate[] pChain, String pAuthType) throws CertificateException {
		
		// ---------------------------------------------------------------------------------------
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkClientTrusted ---------- Checking if the client can be trusted");
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkClientTrusted ----------         Certificates: " + pChain.length);
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkClientTrusted ----------         Authentication type: " + pAuthType);
		// ---------------------------------------------------------------------------------------
		mDefaultManager.checkClientTrusted(pChain, pAuthType);
	}

	public void checkServerTrusted(X509Certificate[] pChain, String pAuthType) throws CertificateException {
		// ---------------------------------------------------------------------------------------
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkServerTrusted ---------- Checking if the server can be trusted");
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkServerTrusted ----------         Certificates: " + pChain.length);
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.checkServerTrusted ----------         Authentication type: " + pAuthType);
		// ---------------------------------------------------------------------------------------
		mDefaultManager.checkServerTrusted(pChain, pAuthType);
	}

	public X509Certificate[] getAcceptedIssuers() {
		X509Certificate[] lIssuers = mDefaultManager.getAcceptedIssuers();
		
		// ---------------------------------------------------------------------------------------
		Log.d(Constants.ACTIVITY_TAG, "org.bozo.im.xmpp.util.ssl.SimpleTrustManager.getAcceptedIssuers ---------- Accepted issuers count: " + lIssuers.length);
		// ---------------------------------------------------------------------------------------
		
		return lIssuers;
	}
}
